Skip to content

Commit e501d7d

Browse files
author
igor.grzankowski
committed
Add CLA check
1 parent 1b0ee23 commit e501d7d

File tree

1 file changed

+89
-0
lines changed

1 file changed

+89
-0
lines changed

.github/workflows/cla-check.yml

Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,89 @@
1+
name: "CLA Check"
2+
on:
3+
issue_comment:
4+
types: [created]
5+
pull_request_target:
6+
types: [opened, closed, synchronize]
7+
8+
permissions:
9+
actions: write
10+
contents: write
11+
pull-requests: write
12+
statuses: write
13+
14+
jobs:
15+
cla-check:
16+
runs-on: ubuntu-latest
17+
steps:
18+
- name: Check if user is Splunk org member
19+
id: check-org
20+
continue-on-error: true
21+
run: |
22+
# Check if the PR author is a member of the Splunk organization
23+
if [ "${{ github.event_name }}" == "pull_request_target" ]; then
24+
AUTHOR="${{ github.event.pull_request.user.login }}"
25+
else
26+
AUTHOR="${{ github.event.comment.user.login }}"
27+
fi
28+
29+
echo "Checking if $AUTHOR is a Splunk org member..."
30+
31+
# Check organization membership (returns 204 if member, 404 if not)
32+
STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
33+
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
34+
"https://api.github.com/orgs/splunk/members/$AUTHOR")
35+
36+
if [ "$STATUS" == "204" ]; then
37+
echo "is_splunk_member=true" >> $GITHUB_OUTPUT
38+
echo "✅ $AUTHOR is a Splunk organization member"
39+
else
40+
echo "is_splunk_member=false" >> $GITHUB_OUTPUT
41+
echo "ℹ️ $AUTHOR is not a Splunk organization member"
42+
fi
43+
44+
- name: Set success status for Splunk employees
45+
if: steps.check-org.outputs.is_splunk_member == 'true' && github.event_name == 'pull_request_target'
46+
uses: actions/github-script@v7
47+
with:
48+
script: |
49+
// Post success comment
50+
await github.rest.issues.createComment({
51+
issue_number: context.issue.number,
52+
owner: context.repo.owner,
53+
repo: context.repo.repo,
54+
body: '✅ **CLA verification passed** - Contributor is a Splunk organization member. No additional CLA signature required.'
55+
});
56+
57+
// Set commit status to success
58+
await github.rest.repos.createCommitStatus({
59+
owner: context.repo.owner,
60+
repo: context.repo.repo,
61+
sha: context.payload.pull_request.head.sha,
62+
state: 'success',
63+
context: 'CLA Check',
64+
description: 'Splunk org member - CLA not required'
65+
});
66+
67+
- name: "CLA Check"
68+
if: |
69+
steps.check-org.outputs.is_splunk_member != 'true' &&
70+
((github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target')
71+
uses: contributor-assistant/[email protected]
72+
env:
73+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
74+
# The below token should have repo scope and must be manually added by a maintainer in the GitHub Secrets
75+
PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_ASSISTANT_PAT }}
76+
with:
77+
path-to-signatures: '.github/cla-signatures.json'
78+
path-to-document: 'https://www.splunk.com/en_us/form/contributions.html'
79+
branch: 'main'
80+
allowlist: bot*,dependabot*,*[bot],renovate*,snyk-bot
81+
82+
# the following fields are optional
83+
remote-organization-name: splunk
84+
remote-repository-name: splunk-operator-cla-signatures
85+
86+
# custom messages
87+
custom-pr-sign-comment: 'Thank you for your contribution! Before we can merge this pull request, we need you to sign our Contributor License Agreement.<br /><br />**📝 Please visit [Splunk CLA Form](https://www.splunk.com/en_us/form/contributions.html) to sign the CLA.**<br /><br />Once you have signed, please comment:<br />```I have read the CLA Document and I hereby sign the CLA```<br /><br />**Note**: Splunk organization members are automatically verified and do not need to sign.'
88+
custom-allsigned-prcomment: 'All contributors have signed the CLA ✅. Thank you!'
89+
lock-pullrequest-aftermerge: false

0 commit comments

Comments
 (0)